# Block an IP range of a whole country <sup>March 6th, 2022</sup> * Get a list of IP ranges as assigned to a country of your interest, e.g. from a free service of [IP2Location](https://www.ip2location.com/free/visitor-blocker). * If it does not offer a format you need, take the CIDR version. * If you're using the [Uncomplicated Firwall, ufw](https://wiki.ubuntu.com/UncomplicatedFirewall), convert CIDR to appropriate commands: ``` # for IPv4 while read p; do if [[ $p != \#* ]]; then echo "-A ufw-before-input -s $p -j DROP" >> output-ipv4.rules; fi; done < input-cidr-ipv4.txt # for IPv6 while read p; do if [[ $p != \#* ]]; then echo "-A ufw6-before-input -s $p -j DROP" >> output-ipv6.rules; fi; done < input-cidr-ipv6.txt ``` * Include the rules in the ufw's `/etc/ufw/before.rules` and `/etc/ufw/before6.rules` files for the IPv4 and IPv6 entries respectively. Please note, they have to be added **after** the line `# End required lines` and **before** the `COMMIT` command. * Ensure, you are not about to lock yourself out and reload the ufw by typing `ufw reload` or restart the service/host. Please note, in most common setups **it does not affect** publicly available docker containers and forwarded packets (like in a VPN case). For that use case other tables are to be modified. *** [Main Menu](/) [Next: ESP8266 Power Considerations](/article_2022-05-19_ESP8266%20Power%20Considerations.html) [Previous: Eavesdropped using Pegasus](/article_2022-01-13_Eavesdropped%20using%20Pegasus.html)